So you got 3 months to get it worked out next time. I assume you went with the short time just to get something up and running, while you look for solutions that will keep this from happening again.

Unfortunately, I’m not quite sure how to undo the hole. Now that the certificate is valid, the option isn’t showing to remove the override on the site properties. I’ll probably look up how to do it, but I’m on Chrome on Win7 if anyone knows the instructions, or knows for sure that it’s clear.

When quoting from a reply, if there is a smiley included within a quote, the forum software does this by default (Large Smiley) Best just to delete the quoted smiley from within the quote, as it’s the text within the quote that really counts.

1 user thanked author for this post.

What a relief! I’ve been dying to ask if anyone had heard the joke about how many computer geeks it takes to change a SSL certificate, but decided it was unlikely to prove a contribution looked on with favour.

3 users thanked author for this post.

Good to see the site back now. I really hope this won’t happen again as it’s been, what, the third time at least? I hope it didn’t deter too many new users from coming here. I can’t imagine it looks too good when a site about Windows and security is throwing security errors when trying to access it for a week.

Personally, I won’t add an exception in my browser for a website that should not need an exception especially for a site that has been attacked for a prolonged period of time in the past. I hope this will be the last time such an issue occurs. 🙂

Good to see the site back now. I really hope this won’t happen again as it’s been, what, the third time at least? I hope it didn’t deter too many new users from coming here. I can’t imagine it looks too good when a site about Windows and security is throwing security errors when trying to access it for a week. Personally, I won’t add an exception in my browser for a website that should not need an exception especially for a site that has been attacked for a prolonged period of time in the past. I hope this will be the last time such an issue occurs. 🙂

With all the hats Woody is wearing and all the problems he has saved us from he is the right to make a mistake. I for one will continue to thank Woody for all he does.

2 users thanked author for this post.

Judging from what Woody wrote here #204620 , it looks as if the problem was that the certificate, supposed to be renewed automatically, wasn’t. So he himself might have been the innocent victim of someone else’s failure to perform as agreed to, not the unwitting perpetrator.

But see also the posting here by mcbsys #204775 and #204793 about the fault being sometimes on the other side of the equation.

Congrats on getting Let’s Encrypt set up. I’ve been using that on a couple servers with good success. Yes, only three months is normal. Yes, it should auto-renew 30 days before expiration (so really you get a new cert every two months). Yes, it failed once because I mis-configured something, so put a note in your calendar to confirm that it renewed by 9/18/2018.

I actually have my daily cron job that does the “check for renewal” set up to send me an email every day. Usually it just says “cert not due for renewal” but when it renews, I see that too. I also see the periodic automatic updates to the Let’s Encrypt script.

NOTE Sometimes (probably when “officially” installed via apt-get), certbot also creates its own cron job as /etc/cron.d/certbot that runs twice per day. If that job handles the renewal, because it doesn’t include the hook to restart Apache, the old cert will continue to be served. Restart Apache to load the new cert (sudo /opt/bitnami/ctlscript.sh restart apache), then rename /etc/cron.d/certbot to certbot.disabled.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.